
Tag Archives: SQL Injection

8 Free SQL Injection Scanners & Tools



SQL injection is a very serious threat in the software and web industry according to current statistics, and it is hitting databases with increasing frequency. The attack lets miscreants break into your system through your web interface. However, the same tools can be used by security professionals to find SQL injection vulnerabilities in a system.


Posted by on April 1, 2015 in MS SQL Server

 


What is SQL Injection? How to Protect Against SQL Injection Attack?


SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.

Here are a few methods that can be used to protect against SQL injection attacks:

  • Use Type-Safe SQL Parameters
  • Use Parameterized Input with Stored Procedures
  • Use the Parameters Collection with Dynamic SQL
  • Filtering Input parameters
  • Use the escape character in LIKE clause
  • Wrapping Parameters with QUOTENAME() and REPLACE()
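
Several of the methods listed above, combined in one T-SQL batch. This is an added example, not code from the original post; the `#Customers` table, its rows, and the variable values standing in for user input are constructed for illustration.

```sql
-- Constructed sample data (assumption: not from the original post).
CREATE TABLE #Customers (
    Id   int IDENTITY PRIMARY KEY,
    Name nvarchar(100),
    City nvarchar(100)
);
INSERT INTO #Customers (Name, City)
VALUES (N'Ann', N'Oslo'), (N'50% Off Ltd', N'Bergen'), (N'O''Brien', N'Oslo');

-- Values standing in for untrusted input (constructed).
DECLARE @city       nvarchar(100) = N'Oslo';
DECLARE @search     nvarchar(100) = N'50%';   -- contains a LIKE wildcard
DECLARE @sortColumn sysname       = N'Name';  -- identifier chosen by the caller
DECLARE @sql        nvarchar(max);

-- Weak form, shown only for contrast: the value becomes part of the
-- statement text, so SQL Server parses it as SQL rather than as data.
-- SET @sql = N'SELECT Id, Name FROM #Customers WHERE City = ''' + @city + N'''';

-- 1. Parameters collection with dynamic SQL: the value is bound as a typed
--    parameter and never concatenated into the statement.
SET @sql = N'SELECT Id, Name FROM #Customers WHERE City = @p_city';
EXEC sys.sp_executesql @sql, N'@p_city nvarchar(100)', @p_city = @city;

-- 2. Identifiers cannot be passed as parameters. Filter the input against
--    an allow-list, then wrap it with QUOTENAME() before concatenating.
IF @sortColumn NOT IN (N'Id', N'Name', N'City')
BEGIN
    RAISERROR(N'Unknown sort column', 16, 1);
    RETURN;
END;
SET @sql = N'SELECT Id, Name FROM #Customers ORDER BY ' + QUOTENAME(@sortColumn);
EXEC sys.sp_executesql @sql;

-- 3. Escape character in a LIKE clause: neutralise \ % _ [ in the search
--    term (escape character first) so they match literally, then append
--    the one wildcard the application itself intends.
DECLARE @pattern nvarchar(400) =
    REPLACE(REPLACE(REPLACE(REPLACE(@search,
        N'\', N'\\'), N'%', N'\%'), N'_', N'\_'), N'[', N'\[') + N'%';
SELECT Id, Name FROM #Customers WHERE Name LIKE @pattern ESCAPE N'\';

DROP TABLE #Customers;
```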
 

Posted by on August 6, 2013 in MS SQL Server

 
